Governments Using, Also Fretting, Encrypted Communications App

from the you-can't-see-me dept

As Glyn recently wrote, while governments around the world are busy diving further and further into their citizens' personal communications over cell phones and the internet, the implementation of cryptography has been slow to catch up. We could point to several reasons for this, but chief among them appears to be how difficult encryption is for the average user. Now, an ex-Navy SEAL and security defense contractor is looking to change that.

Mike Janke is releasing a finished application, called Silent Circle, that is designed to provide encryption for communication and is supposedly easy to use. We've heard that promise before, so we'll have to see how closely the reality matches the claims, but the goals are certainly lofty.

Named Silent Circle, it is in essence a series of applications that can be used on a mobile device to encrypt communications—text messages, plus voice and video calls. Currently, apps for the iPhone and iPad are available, with versions for Windows, Galaxy, Nexus, and Android in the works. An email service is also soon scheduled to launch.

The encryption is peer to peer, which means that Silent Circle doesn’t centrally hold a key that can be used to decrypt people’s messages or phone calls. Each phone generates a unique key every time a call is made, then deletes it straight after the call finishes. When sending text messages or images, there is even a “burn” function, which allows you to set a time limit on anything you send to another Silent Circle user—a bit like how “this tape will self destruct” goes down in Mission: Impossible, but without the smoke or fire.

Without the smoke or fire? What the hell is the point? Well, according to Janke, the point is civil liberties. He states that the idea for this service, which will be subscription based, came about during his time overseas. He noted the lack of an easy-to-use but still secure method for calling his family back home, while also recognizing the erosion of civil liberties from government snooping, and decided to develop Silent Circle. His development team includes some notable figures, such as Phil Zimmermann (who invented PGP encryption) and Jon Callas (responsible for Apple's whole-disk encryption). Silent Circle is reportedly light years easier to use than other encryption methods and already has several customers, including international news outlets and special forces military units.

Still, despite governments seeing the value in the application for their own military forces, you just had to know they wouldn't be pleased with it appearing for use by the general public. But Janke insists the company has its bases covered to protect its customers.

The very features that make Silent Circle so valuable from a civil liberties and privacy standpoint make law enforcement nervous. Telecom firms in the United States, for instance, have been handing over huge troves of data to authorities under a blanket of secrecy and with very little oversight. Silent Circle is attempting to counter this culture by limiting the data it retains in the first place. It will store only the email address, 10-digit Silent Circle phone number, username, and password of each customer. It won’t retain metadata (such as times and dates calls are made using Silent Circle). Its IP server logs showing who is visiting the Silent Circle website are currently held for seven days, which Janke says the company plans to reduce to just 24 hours once the system is running smoothly.

Now, to be fair, there have been promises of easy to use and secure encryption methods in the past, and they've failed to gain any steam. Likewise, the open source community is enormously important in validating the security and usability of this kind of thing, and there are some questions being posed about exactly how much Silent Circle will be available for testing.

Nadim Kobeissi, a Montreal-based security researcher and developer, took to his blog last week to pre-emptively accuse the company of “damaging the state of the cryptography community.” Kobeissi’s criticism was rooted in an assumption that Silent Circle would not be open source, a cornerstone of encrypted communication tools because it allows people to independently audit coding and make their own assessments of its safety (and to check for secret government backdoors). Christopher Soghoian, principal technologist at the ACLU's Speech Privacy and Technology Project, said he was excited to see a company like Silent Circle visibly competing on privacy and security but that he was waiting for it to go open source and be audited by independent security experts before he would feel comfortable using it for sensitive communications.

Janke has indicated that, to some extent at least, Silent Circle will be available for scrutiny, though exactly to what level remains to be seen. That said, he is housing his infrastructure outside of the United States for fear of laws that would require him to build in back doors for government snooping. As a startup, he's asking for a great deal of trust from his users, but all the right words appear to be there.

But what if, one day down the line, things change and Canada or another country where Silent Circle has servers tries to force them to build in a secret backdoor for spying? Janke has already thought about that—and his answer sums up the maverick ethos of his company.

“We won’t be held hostage,” he says, without a quiver of hesitation. “All of us would rather shut Silent Circle down than ever allow a backdoor or be bullied into an ‘or else’ position.”

The question I find more interesting is does something like Silent Circle initiate the first United States government outlawing of an otherwise legal application?

Reader Comments

The harder people try to encrypt and hide their communications, the more they look like they have something to hide. It becomes somewhat self-defeating at some point, because the obvious acts of concealment attract the attention you are trying to avoid.

done nothing wrong, have nothing to hide

What "civil liberties" activists have to understand is that the phrase "if you've done nothing wrong you have nothing to hide" has some sense.
I, personally, wouldn't spend a single minute of my life on some "encrypted-p2p-whatever" app, for a very simple reason. Since virtually all of my other communications (and other people's) are plain-text, using encryption for _some_ is like posting a note for the police - "here is the stuff you want to look at".
Contrary to most people here, I (unfortunately) had the experience of living in a totalitarian country - the USSR. And you know what - the KGB need not read everyone's mail or wiretap every single phone call. This stuff is as nice as painting your helicopter black. Yeah, that's cool too - but it serves little function.
If, for some reason, some intelligence agency (not necessarily from the US, mind you) needs to know the contents of your mail/phone/sms - you are _already_ in trouble. They won't bother to break encryption, they will break _you_.

Re: done nothing wrong, have nothing to hide

"if you've done nothing wrong you have nothing to hide" is a load of bollocks.

What if you innocently say something that taken out of context can be construed as a threat against someone? Who hasn't flippantly said "I'm gonna kill him" when talking about someone who has annoyed us? Or who hasn't uttered the words "This government are hopeless, I can't wait for the revolution"? Now, the vast majority of us have no intention of acting on those words but law enforcement does not have a sense of irony and those utterances could land a perfectly innocent person in some pretty hot water.

Re: Re: done nothing wrong, have nothing to hide

Yeah, similarly one should not yell greetings to their friend named Jack in an airport ... the entire globe has become an airport environment. So one had better just scurry along with your head down and not cause any trouble because the man will beat you down for the least little perceived objection to the totalitarian regime.

Re: done nothing wrong, have nothing to hide

Perhaps you forget too easily that what is "wrong" can be arbitrarily defined by whoever happens to be in power by the passing of bad laws. Perhaps you have forgotten about the reality of kangaroo courts and show trials. Without even knowing it, there are myriad laws you unintentionally break every day. What if someone in power were to deem you "politically undesirable", and look through every communication you've ever made for the slightest hint of deviance or subversion, and use these pieces of evidence as the basis for trumped-up charges against you?

Privacy allows a society to exist and function without the fear of being crushed by the clumsy and heavy hands of those who wield political power. The people in power have to understand that there are certain lines they cannot cross.

If a government wants to break a person, they use torture, the courts, and the prisons. Abstract algebra and number theory, however, do not yield to such tools.

Re: done nothing wrong, have nothing to hide

So something very personal that you would like to keep private is perfectly fine for everyone to know about?

The notion that you have nothing to hide is ridiculous! Everyone has something to hide and there are things that the Government does not need to know! And this has nothing to do with national security.
Frankly the last organization I would want to see my private thoughts and conversations with family and friends is the Government. I've worked the better part of my life for Government organizations and I know first hand that they abuse their power and privileges. They snoop and read, share and spread and worst of all LAUGH at people's private information. Just because someone applied to work for a government doesn't give them the right to snoop on our private information.

And remember they'll keep that information forever, not letting you know that it's there and will use it against you if you are ever in their sights for anything! Innocent or Guilty!

Re: done nothing wrong, have nothing to hide

Security services are switching from targeted monitoring of people to gathering all the data they can get hold of and then using computer systems to search through the data. This results in bits of data being taken out of context.
The massive gathering of data can only be considered with the support of computer systems, and I doubt that the security services' queries are any better than Google searches.
Note it can be very difficult to distinguish between a couple of people working on a work of fiction, or on a real assassination plot. In both cases there may be discussion of weapons characteristics and locations and sight lines from buildings etc. The current government paranoia about terrorists only increases the risks to innocent people in such situations.

Re: done nothing wrong, have nothing to hide

is that the phrase "if you've done nothing wrong you have nothing to hide" has some sense.

Except that it's factually incorrect. If you're doing something wrong, you certainly have something to hide. However, a 100% innocent person also has quite a lot to hide, from health status through financial data through sexting to their spouse and so on.

If, for some reason, some intelligence agency (not necessarily from the US, mind you) needs to know the contents of your mail/phone/sms - you are _already_ in trouble.

This is true -- and indeed, if you are engaging in actions that are of extreme interest to an intelligence or law enforcement agency, casual encryption like this is not a huge help to you (but can be helpful as part of a larger security strategy).

Casual encryption like this is helpful, however, in preventing fishing expeditions and widespread data mining. These sorts of operations are more of a threat to "innocent" people anyway, as they tend to have a higher rate of false positives and can get you wrongly sucked up into the security apparatus.

Re: Re: done nothing wrong, have nothing to hide

I'd go one step further. If you have no reason to know, then I have no reason to tell you. It doesn't matter if I have no personal health secrets, or if I were an amateur exhibitionist porn star. If I don't want the government or anyone else to know something, and I've done nothing illegal, then they have no business knowing it, no matter how personal or nonpersonal it may be. If I want to encrypt my boring grocery list of milk and eggs, then by golly I will and the police don't need to know it.

Re:

If it's easy enough to use, I'll probably be using it, and I don't have anything to hide. I just think it would be funny to make the government spend tons of man/computing hours to try and figure out that my wife just text'd me the grocery list. And that is what may very well save this app, popular usage. If EVERYONE is using it, then it doesn't look nearly as suspicious.

Re: Re:

the interface uses the phone's original look and feel,
so if you can call on an iphone, you can use this app.

i agree that if everyone is using it, why would they single out any one person for using the service,

to the people who confuse privacy with something to hide,
ARE THE WALLS ON YOUR TOILET GLASS, what do you have to hide?
after all you're doing nothing wrong

oh the internet, anyone using that must be a criminal hacker. \sarcasm off

the i have done nothing wrong statement sends chills down my spine, are you aware on the internet there are identity thieves? that intellectual property is worth stealing?
or that private information "is private" i like talking dirty to my girl, (would prefer my sex life was between me and my girl).

i have heard that "most" of the details will be "open sourced" and the community will be able to get their hands on it as soon as the papers are finalised.

Re: Re:

My fiancee and I share a dropbox folder with a small text list for groceries. Felt it worked better than writing down a list or having to remember to text it. Now we just add something to the list and it's always with both of us. When we buy it, remove from list. Updates everywhere! =D

Re:

The harder people try to encrypt and hide their communications, the more they look like they have something to hide. It becomes somewhat self-defeating at some point, because the obvious acts of concealment attract the attention you are trying to avoid.

Re: Re:

I hate to say it, but his point is actually valid. If you are the only person who is encrypting data then it draws attention. The defense there is for everyone to encrypt all of their data, but we have a ways to go to get to that point.

Re: Re: Re:

Well, simply, everyone should use encryption for everything as a matter of course. It should be built into mail applications. You wouldn't post a letter unsealed, or write your correspondence on postcards, so why would you not take the trouble to seal email?

I'm regularly asked to sign Draconian non-disclosure agreements for my business, yet the people who are so concerned for their secrets are quite happy to exchange drawings and sensitive business information by unencrypted email that can be snooped from any place on the planet. I've had PGP or its equivalent for twenty years and I always ask these NDA folk to exchange keys, but so far nobody has ever bothered.

Re: Re: Re:

They (like most if not all such sites) capture all IP addresses for analysis purposes (hey where are people coming from) and also to help us users differentiate between different AC's. I'm sure he also uses it to weed out spam, and to block abusers. He doesn't use the IP addresses to glean the information.. anybody who reads this blog for any length of time has gleaned the information on their own.

Re: Re: Re:

IP addresses are usually set up to be DHCP (Dynamic Host Configuration Protocol). As the acronym implies these Dynamic IPs are temporarily assigned to a network device such as a computer or tablet then later get reassigned to a different network device. In short IP addresses do not identify an individual or usually even a particular computer. They generally identify a Starbucks, McDonalds or an ISP, not really a person.

Re: Re:

Exactly. If he truly believed what he said, then he'd encrypt his communication and then pass out the key. That way law enforcement would know to look at his communications and be able to decrypt it easily so that they'd know he has nothing to hide.

AC, why are you hiding your communication in with all of the other innocent people? Got something to hide, eh?

Re:

"The harder people try to encrypt and hide their communications, the more they look like they have something to hide. It becomes somewhat self-defeating at some point, because the obvious acts of concealment attract the attention you are trying to avoid."

What it is is a response born out of paranoia that a government agency is attempting to track your every move. The problem here is ...they really are trying to track your every move. They basically admit to as much, what with all their domestic spying programs, willfully infringing people's Constitutional rights.

What people such as yourself fail to realize is that we're supposed to have privacy rights, like being able to communicate without the government snooping. That said, I don't think I would ever trust a closed encryption app with a central database such as this. For all we know it could be a government smokescreen to ease data-gathering. It's being fronted, after all, by an ex-Navy SEAL.

Re: Re:

The Real Mike has a point. It is the job of American government to protect the civil liberties of its citizens. Failing to do that, then it is our responsibility to do so ourselves. What we happen to be doing at the time is irrelevant.

Re: Re:

This. My company has encrypted every internal email for the last ten years. Our office and servers are all virtual, so our communications are frequently going over public networks. We use several layers of encryption, including GPG/PGP on our emails, in case one of our devices were to get intercepted. By whom? We don't care; any leak would be bad. We encrypt everything, whether it includes sensitive client data, product plans, corporate strategies, meeting requests or "hey have you seen this cheap computer on a stick? we should buy like a hundred of them and make a beowulf cluster". (Not an actual email, but you get the idea.)

A lot of our work is for companies whose data is privileged, and not encrypting it could get us into trouble. So why attract unscrupulous parties to the good stuff by only encrypting some of it?

As for this product, I can't imagine we'd use it simply because we (and security auditors we trust) can't see the code. And the "self-destructing" functionality sounds like something Microsoft would come up with, imagining a world where no one has virtual machines with which to take screenshots or headphone jacks with which to hook up a voice recorder. It intimates that they expect a level of control over my equipment that I'm not willing to give them without (at least) the same level of control over their code.

We'll stick with GPG and other open-source tools, thanks. For business, anyway. When most of the people I know outside of business are so comfortable talking about intimate things on Facebook or Twitter that it's comical, I don't have a lot of hope for getting them to run a special app just to talk to me privately.

Re: Re:

Here's what I say to all the people who retread the tired "If you've done nothing wrong then you've got no reason to hide" diatribe: Why not invite an agent to permanently live with you and monitor all of your communications, because that's essentially what you're advocating for when you defend this wholesale intrusion of people's privacy.

"Do unto others as you would have them do unto you." Words of wisdom. If you resent being spied on for any reason then don't spy on others. The people are supposed to have guaranteed rights, bought and paid for with blood. Therefore, to infringe upon those rights is to show utter contempt for the memories of those who sacrificed themselves.

Re:

Ever heard of steganography?

Steganography is the art/science of writing messages in such a way that, to the outside observer, it is not immediately obvious what the nature of the communication is.

For example, I could trivially disguise VoIP traffic as HTTP traffic. For anyone that is analysing Internet traffic, it will not be immediately obvious (as in, general purpose computer algorithms won't catch it) that I am using VoIP, and not surfing the web.

That, coupled with cryptography, would make the work of anyone trying to passively pick up "evil" conversations incredibly hard. You don't stand out in the crowd, because your communications are indistinguishable from the "background noise" of the network.

Plus, I believe that some day, all our communications will be encrypted. It just makes sense for security and integrity purposes, and the overhead is not all that great. Many sites already offer HTTPS. Things are already heading that way...

Re:

Yes, I have something to hide. But hide from whom?

When I encrypt my communications, it is not to hide from the government. It is to hide from hackers. It is to hide from people sniffing the open WiFi hotspot I am using. It is to hide from a worm on a nearby machine intercepting and redirecting my communications. It is to hide from criminals which could use my information, no matter how insignificant it might seem, as a starting point for identity theft or worse.

But what if, one day down the line, things change and Canada or another country where Silent Circle has servers tries to force them to build in a secret backdoor for spying? Janke has already thought about that—and his answer sums up the maverick ethos of his company.

I'm confused; if this is an app that you download to a mobile device and it generates encryption keys on the fly, why does it need servers?

Re: Re:

I'm no expert, but I'd guess that you need to download the app from somewhere

You don't need servers in different countries just to offer an app for download. As hard as it might be to believe, a user in one country can actually connect to and download from a server that's based in another country. Even more amazing, this works from any country to any other country (barring government censorship).

Re:

I don't know this app in particular, but have produced several similar applications in my day. They probably need the servers to facilitate the users being able to contact each other.

It's trickier than it sounds due to the fact that the IP address of the end points can and do change, especially with mobile devices. The simplest way around this is to have a directory server that tracks who is at what IP address at any given moment.

Re:

I can guess that it's something like Skype.

You log into Skype with your username and password. Skype's servers now know what machine you're using and its IP address. Your friend then logs in with their own account, Skype knows what machine they're on and their IP address. Your friend calls you, Skype's servers then tell his computer what your IP address is at the time, so he connects to you. From that point on, all the communication data goes between only your two computers, not Skype (or this app in this case).

Why the middleware?

I would love to see a service like this but why can't it be software that runs on the endpoints and functions without middleware? Whenever there is middleware, there is danger of backdoors, hacking, etc. Just look at RIM in India. If I could run an app that could communicate with the same app on another mobile device with no middleware, I would be interested.

Re:

Thought this was a good idea until I went to subscribe... $20/month for their basic service? I'd be willing to give em a one-time contribution of $5 for their efforts... this just sounds like a money grab masquerading as a tool to protect free speech... not likely to catch on anytime soon.

The question I find more interesting is does something like Silent Circle initiate the first United States government outlawing of an otherwise legal application?

How people so easily forget.

After WWII and basically still in existence in some form until 2000 (after the signing of the Wassenaar Arrangement - which only allowed short key encryption) it was a criminal offence for a US citizen to distribute or sell in any way whatsoever encryption technology outside of the USA. In fact the military placed it on the United States Munitions List.

Now the USA has the U.S. Export Administration Regulations (EAR) which makes it an offence to export to certain countries (ie Cuba, Iran, North Korea, Sudan & Syria) or if to be used in the design, development or production of nuclear, chemical or biological weapons, or rocket systems, space launch vehicles, or sounding rockets, or unmanned air vehicle systems (drones) etc.. and the list goes on.. This is also for ANY software producer residing in the USA including Open Source programs.

Philip Zimmermann was investigated by the FBI and Customs service in the early 90's for his release of PGP onto the internet. RSA wanted it stopped, so did the US Govt.. The ONLY reason it was allowed was the outcry and the US discovering that they are NOT the only country who can create code.

Then luckily in 1999 David Bernstein pissed off the USG by winning Bernstein v. United States Dept. of Justice, 192 F.3d 1308 (9th Cir. 1999). Though the USG only loosened restrictions, and well...

the DMCA was born which criminalized all production, dissemination, and use of certain cryptanalytic techniques and technology (now known or later discovered) and IS STILL THE LAW, though not enforced.

So umm.. yeah back to your original question.

It's already outlawed, you just forgot about it.

[personally I wouldn't use this since it is still relying on a third party for routing and key generation/seeding. Give me a white noise/star generator anyday with one time pads.]

Re:

>> ... and the US discovering that they are NOT the only country who can create code.
Ah, what a lovely arrogance. Some people in the US _still_ believe in a modern version of "manifest destiny".
Yep, there are people on this planet capable of writing an encryption program and not living in the US. What a surprise, really.

The saddest part

The saddest part of this is that an ex-Navy SEAL is hosting his app servers outside of the US for fear of what the government he used to work for will try to do. Does this fact scream out to anyone else besides me?

Re: The saddest part

Tagged "insightful", however there is a little more to this. Yes, the govt would almost certainly try to pressure a small startup into adding a backdoor. But also, there are laws about exporting encryption capability, and being outside of the U.S. may simplify marketing in other countries. (http://www.bis.doc.gov/encryption/default.htm)

"Here's what I say to all the people who retread the tired "If you've done nothing wrong then you've got no reason to hide" diatribe: Why not invite an agent to permanently live with you and monitor all of your communications, because that's essentially what you're advocating for when you defend this wholesale intrusion of people's privacy."

I'm down with a live-in agent. Boy, won't someone be surprised when they break into my house, steal my stuff, and it turns out the government had RFID tags and wire taps in all the stuff they stole? MUAHAHAHA! Also, the dude would probably use my internet to pirate shit and we can watch free movies. Double Win! Even better, the government would have to PAY me for this. TRIPLE WIN!

"The saddest part of this is that an ex-Navy SEAL is hosting his app servers outside of the US for fear of what the government he used to work for will try to do. Does this fact scream out to anyone else besides me?"

It should scream out what everyone should already know. I don't care WHAT government you have, if you aren't at the least wary of it, you're just plain negligent.

security through obfuscation...

*many*, *many* years ago when *E*C*H*E*L*O*N, *G*R*E*E*N*L*A*N*T*E*R*N, etc were merely rumors of whacked-out k-k-k-konspiracy mongers (like me!), and subsequently turned out to be -not just 100% true- but 200% true, i suggested that we all append a list of assumed trigger words in ALL our emails...

*IF* even a small-ish proportion of regular folks did this, then it would make intercepting/reading emails based on these trigger words effectively useless...

BUT, why is it i have to defend myself against my 'own' (sic) gummint, again ? ? ?

still waiting

Like others here, I love encryption but won't use (much less subscribe to) a service that asks me for so much trust.

In particular:

“We won’t be held hostage,” he says, without a quiver of hesitation. “All of us would rather shut Silent Circle down than ever allow a backdoor or be bullied into an ‘or else’ position.”

Shutting the company down is one thing; going to jail is something else. What if someone gets into legal trouble over taxes, or stands to lose child custody in a divorce, and a man from the Justice Department shows up and offers to help? Suppose the FBI spreads out some photos on the table and says "we're tracking a major [VILLAIN OF THE MONTH] and we can nail him if you help us". How many employees of this company have the ability to compromise Silent Circle? Which of them is the most naive? Which one loves money the most? Or just doesn't care much about flawless security protocols?

To put it another way: apart from embarrassment, what is the consequence of a leak for Janke & Friends? Is it nothing? I'll bet it's nothing.